Flow uses Kubernetes for orchestration. Because we use Replicated KOTS to manage the preflight, install, support and upgrade process of Flow on-premises, our stack must run in its own instance. We therefore recommend the following system requirements for the bare-metal server or virtual machine:
CPU: A minimum of 8 CPU cores, recommended 16 CPU cores or more
Memory: A minimum of 32 GB of RAM, with a recommended amount of 64 GB or more
Disk space: 150 GB, not including the repository cache directory, broken down as follows:
/var/lib/docker: 75 GB
/var/lib/kubelet: 35 GB
/opt/replicated: 40 GB
/opt/flow: 2 GB. This only applies if you plan to use an embedded Postgres Database
Repository cache directory: the sum of the sizes of your code repositories, multiplied by 2.5. This can be mounted under /opt/flow/repository_cache
CPU: A minimum of 8 CPU cores per node
Memory: A minimum of 32 GB per node
Master node disk space: 150 GB, with the same breakdown as for single node disk space
Worker node disk space: 120 GB, not including the repository cache directory, broken down as follows:
/var/lib/docker: 75 GB
/opt/replicated: 35 GB
/var/lib/kubelet: 10 GB
Repository cache directory: the sum of the sizes of your code repositories, multiplied by 2.5. This can be a shared mount from the master node.
Note: Additional nodes/resources may be required to meet processing demands unique to the environment.
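The per-directory figures above only add up when each directory sits on its own filesystem. On many hosts /var/lib/docker, /var/lib/kubelet and /opt/replicated share one volume, which then has to hold their sum. The following shell sketch is an added example, not part of the vendor's installer; the function names are assumptions of this example, and the sizes are the single-node figures from this page.

```shell
#!/bin/sh
# Added example (not vendor code). Sizes in GB are the single-node figures
# from this page; function names are this example's own.
REQUIREMENTS='/var/lib/docker 75
/var/lib/kubelet 35
/opt/replicated 40'

# /opt/replicated does not exist before the installer runs, so walk up to
# the nearest existing parent before asking df which filesystem holds it.
nearest_existing() {
    p=$1
    while [ ! -e "$p" ] && [ "$p" != "/" ]; do p=$(dirname "$p"); done
    printf '%s\n' "$p"
}

# Print "mountpoint size_kb" for the filesystem that will hold a path.
# Assumes mount points without spaces.
mount_of() {
    df -Pk "$(nearest_existing "$1")" | awk 'NR == 2 { print $6, $2 }'
}

# Read "mountpoint required_gb size_kb" lines, sum the requirements that
# share a mount point, print one verdict per mount point, and return 1 if
# any filesystem is smaller than the total it has to hold.
evaluate() {
    awk '{ need[$1] += $2; size[$1] = $3 }
         END {
             bad = 0
             for (m in need) {
                 gb = int(size[m] / 1048576)
                 verdict = (gb >= need[m]) ? "OK" : "TOO_SMALL"
                 if (verdict != "OK") bad = 1
                 printf "%s need=%dGB size=%dGB %s\n", m, need[m], gb, verdict
             }
             exit bad
         }'
}

# Run the check against the real host.
preflight_disk() {
    printf '%s\n' "$REQUIREMENTS" | while read -r path gb; do
        set -- $(mount_of "$path")
        printf '%s %s %s\n' "$1" "$gb" "$2"
    done | evaluate
}
```

Source the file and call `preflight_disk` on the target host. A volume provisioned at exactly the minimum reports slightly less after filesystem overhead, so read a shortfall of a few GB as a prompt to check the sizing rather than as a hard failure.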
Calculating Required Storage
A minimum of 100 GB of storage is recommended for the repository_cache directory. However, this is an estimate based on the average size of customer data. To truly calculate how much storage you require, you should locate the size of each repository you intend to analyze with Flow, sum them all together, and allot 2.5 times total storage for growth. This directory should be something that can be easily expanded if and when needed.
We strongly recommend running Flow Enterprise on Ubuntu Linux 18.04.
However, the on-premises version of Flow Enterprise can be run on other compatible operating systems if necessary, specifically:
Ubuntu 16.04 (Kernel version 4.15+)
CentOS 7.4, 7.5, 7.6, 7.7, 7.8
RHEL 7.4, 7.5, 7.6, 7.7, 7.8
For RHEL and CentOS-based distributions, the file system and storage driver must support the overlay2 storage driver for Docker services. Check out more information on the Docker requirements here.
Note: Our support for operating systems not listed above will be “best effort.”
For AWS-hosted infrastructure, our recommended production specifications are:
An EC2 instance size m5a.4xlarge
A minimum of 150 GB disk space (see single node requirements)
An RDS instance size db.m4.xlarge
Note: Only Password Authentication Mode is supported for the KOTS Admin Console
It is possible to install Flow behind an AWS load balancer and a proper security group. However, installation with an AWS auto scaling group is not supported.
Operating systems with hardened kernel images that contain PAM (privilege access manager) agents or SELinux policies may interfere with Flow installation and normal operation of the software stack. Those agents and policies may need to be disabled for Flow to install or function normally. Support for such hardened operating systems is provided on a “best effort” basis.
Flow Enterprise requires a PostgreSQL database server with solid state drives (SSDs). The size of your database server will vary greatly depending on the size of your repositories. We recommend a minimum of:
PostgreSQL Version 12.1+
4 CPU cores or more
16GB of RAM or more
disk space of approximately 25% of the space calculated for the repository_cache directory, as defined above
Installations with hundreds of thousands of repositories have required very large servers with 64 cores and 512 GB RAM.
Database performance greatly impacts the performance of the overall Flow application. Proactive monitoring of CPU, memory, and IOPS health is key. We recommend engaging your database team to monitor and tune your database.
Note: It is possible to use an embedded database for small trial installations, but we recommend a standalone database server for your production installation. Your installation consultant can provide more information.
You can implement Flow Enterprise without access to the Internet. However, we recommend that it be able to connect to the web to access software packages during the install and for future updates. This can be scheduled to coincide with your regular maintenance. If you require the system to have no external internet access, you can implement and maintain an airgapped installation.
IPv6 must be enabled. This ensures compatibility with the underlying network virtualization layers of the Flow product stack.
For data analysis, your Flow Enterprise system must have access to your Git repositories and your ticketing system. The following ports should be allowed to those instances:
HTTP/80 and HTTPS/443: These should be the standard ports for your Git repository and ticket system server data for both Git data and API information.
SSH/22 (usually): Most Git vendors allow for SSH download of repositories they serve.
TCP/6443 for KOTS admin API
TCP/6783 and UDP/6783-6784 for the Weave application service
For access to the system by your users, the following ports should be open to internal users:
HTTP/80: This must be open for internal health-check pings.
HTTPS/443: This must be open for users to use the interface.
HTTPS/8800: This port is used to reach the admin interface with a web browser. It does not have to be open to general users, but must be available to system administrators.
SSH/22: System administrators will need access to SSH on the server instance running Flow Enterprise for occasional updates and maintenance.
Additionally, the following ports are used by the application:
5432: between the Flow server and the Postgres database
25, 587, 465: between Flow server and email relay
53: TCP/UDP - the application must be able to resolve itself against a DNS server
Note: Host file entries or other workarounds will not work.
All ports from the Flow server to itself (usually implicit)
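Two of the requirements above can be verified on the host before installation: that IPv6 is enabled, and that the server's name resolves through a DNS server rather than a hosts-file entry. The following shell sketch is an added example, not part of the vendor's tooling; the function names are assumptions of this example, and it assumes the `host` utility is installed for the DNS query.

```shell
#!/bin/sh
# Added example (not vendor code): network preflight for the IPv6 and DNS
# requirements on this page. Function names are this example's own.

# IPv6 is off when the sysctl file is missing (disabled at boot) or holds 1.
# The optional path argument exists so the check can be exercised in tests.
ipv6_enabled() {
    f=${1:-/proc/sys/net/ipv6/conf/all/disable_ipv6}
    [ -r "$f" ] && [ "$(cat "$f")" = "0" ]
}

# Succeed if NAME appears as a hostname or alias in a hosts-format file,
# ignoring comments and letter case.
in_hosts_file() {
    awk -v n="$1" 'BEGIN { n = tolower(n); rc = 1 }
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) if (tolower($i) == n) rc = 0 }
        END { exit rc }' "${2:-/etc/hosts}"
}

# Query DNS directly. getent would also consult /etc/hosts through nsswitch,
# which would hide the hosts-file workaround the page rules out.
# Assumes the `host` utility is installed.
resolves_in_dns() {
    host "$1" >/dev/null 2>&1
}

# Print findings for the given server name; return 1 on any hard failure.
network_preflight() {
    name=$1 rc=0
    ipv6_enabled || { echo "FAIL IPv6 is disabled"; rc=1; }
    in_hosts_file "$name" && echo "WARN $name is listed in /etc/hosts"
    resolves_in_dns "$name" || { echo "FAIL $name does not resolve in DNS"; rc=1; }
    return $rc
}
```

Source the file and call `network_preflight` with the name users will use to reach the Flow server.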
Air Gap Infrastructure Diagram
If you need help, please email email@example.com for 24/7 assistance.